PCRE library is prone to a vulnerability which leads to Heap
Overflow. During the compilation of a malformed regular expression,
more data is written on the malloced block than the expected size
output by compile_regex. Exploits with advanced Heap Fengshui
techniques may allow an attacker to execute arbitrary code in the
context of the user running the affected application.

Latest version of PCRE is prone to a Heap Overflow vulnerability
which could caused by the following regular expression.

PCRE library is prone to a vulnerability which leads to Heap
Overflow. During subpattern calculation of a malformed regular
expression, an offset that is used as an array index is fully
controlled and can be large enough so that unexpected heap
memory regions are accessed.

One could at least exploit this issue to read objects nearby of
the affected application's memory.

Such information disclosure may also be used to bypass memory
protection method such as ASLR.

PCRE library is prone to a vulnerability which leads
to Heap Overflow. During the compilation of a malformed
regular expression, more data is written on the malloced
block than the expected size output by compile_regex.

PCRE library is prone to a vulnerability which leads to
Stack Overflow. Without enough bound checking inside
match(), the stack memory could be overflowed via a
crafted regular expression.

A pattern such as "((?2){0,1999}())?", which has a group
containing a forward reference repeated a large (but limited)
number of times within a repeated outer group that has a zero
minimum quantifier, caused incorrect code to be compiled,
leading to the error "internal error: previously-checked
referenced subpattern not found" when an incorrect memory
address was read. This bug was reported as "heap overflow",
discovered by Kai Lu of Fortinet's FortiGuard Labs and given
the CVE number CVE-2015-2325.

A pattern such as "((?+1)(\1))/" containing a forward
reference subroutine call within a group that also contained
a recursive back reference caused incorrect code to be
compiled. This bug was reported as "heap overflow",
discovered by Kai Lu of Fortinet's FortiGuard Labs,
and given the CVE number CVE-2015-2326.

PCRE library is prone to a vulnerability which leads to
Heap Overflow.
During the compilation of a malformed regular expression, more data is
written on the malloced block than the expected size output by
compile_regex().
The Heap Overflow vulnerability is caused by the following regular
expression.

A dry run of this particular regular expression with pcretest will
reports "double free or corruption (!prev)".
But it is actually a heap overflow problem.
The overflow only affects pcre 8.x branch, pcre2 branch is not affected.